Added optional ldap_no_tls_verify config that allows bypassing the ldap ssl certificate check

This commit is contained in:
jerhat 2020-07-09 14:24:36 +08:00
parent 9d7f226c8e
commit 78be951474
3 changed files with 15 additions and 2 deletions


@ -23,6 +23,7 @@ Configuration values are as follows:
|`ldap_host`|String||The hostname or IP address for your ldap server| |`ldap_host`|String||The hostname or IP address for your ldap server|
|`ldap_scheme`|String|Optional|The that should be used to connect. `ldap` or `ldaps`. This is set by default based on SSL settings| |`ldap_scheme`|String|Optional|The that should be used to connect. `ldap` or `ldaps`. This is set by default based on SSL settings|
|`ldap_ssl`|Boolean|Optional|Indicates if SSL should be used. Defaults to `false`| |`ldap_ssl`|Boolean|Optional|Indicates if SSL should be used. Defaults to `false`|
|`ldap_no_tls_verify`|Boolean|Optional|Indicates if certificate should be verified when using SSL. Defaults to `true`|
|`ldap_port`|Integer|Optional|Port used to connect to the LDAP server. This will default to 389 or 636, depending on your SSL settings| |`ldap_port`|Integer|Optional|Port used to connect to the LDAP server. This will default to 389 or 636, depending on your SSL settings|
|`ldap_bind_dn`|String||The dn for the bind user that will connect to LDAP. Eg. `cn=admin,dc=example,dc=org`| |`ldap_bind_dn`|String||The dn for the bind user that will connect to LDAP. Eg. `cn=admin,dc=example,dc=org`|
|`ldap_bind_password`|String||The password for the provided bind user.| |`ldap_bind_password`|String||The password for the provided bind user.|


@ -44,6 +44,8 @@ pub struct Config {
ldap_scheme: Option<String>, ldap_scheme: Option<String>,
ldap_ssl: Option<bool>, ldap_ssl: Option<bool>,
ldap_port: Option<u16>, ldap_port: Option<u16>,
// LDAP skip tls verify
ldap_no_tls_verify: Option<bool>,
// LDAP auth config // LDAP auth config
ldap_bind_dn: String, ldap_bind_dn: String,
ldap_bind_password: Pass, ldap_bind_password: Pass,
@ -109,6 +111,10 @@ impl Config {
self.ldap_ssl.unwrap_or(false) self.ldap_ssl.unwrap_or(false)
} }
pub fn get_ldap_no_tls_verify(&self) -> bool {
self.ldap_no_tls_verify.unwrap_or(false)
}
pub fn get_ldap_port(&self) -> u16 { pub fn get_ldap_port(&self) -> u16 {
match self.ldap_port { match self.ldap_port {
Some(ldap_port) => ldap_port, Some(ldap_port) => ldap_port,
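Review bot: The new field `ldap_no_tls_verify: Option<bool>` and the getter `get_ldap_no_tls_verify` carry only the terse `// LDAP skip tls verify`, which does not tell a reader what enabling the option costs; a doc comment should say that it disables server-certificate validation on the LDAPS connection, so the bind credentials are no longer protected against a server that presents any certificate, and that it is meant for test setups only. Suggested field comment: `/// Skip TLS certificate verification for LDAPS (default: false). Disables server identity checks; intended for test environments only.` The `unwrap_or(false)` default is the safe one and matches the README line stating that verification is on by default. Both hunks sit inside `struct Config` / `impl Config`, whose start and end lie outside the hunks, and `get_ldap_port` continues past the last line shown.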


@ -5,7 +5,7 @@ use std::error::Error;
use std::thread::sleep; use std::thread::sleep;
use std::time::Duration; use std::time::Duration;
use ldap3::{DerefAliases, LdapConn, Scope, SearchEntry, SearchOptions}; use ldap3::{DerefAliases, LdapConn, Scope, SearchEntry, SearchOptions, LdapConnSettings};
mod bw_admin; mod bw_admin;
mod config; mod config;
@ -65,8 +65,13 @@ fn ldap_client(
ldap_url: String, ldap_url: String,
bind_dn: String, bind_dn: String,
bind_pw: String, bind_pw: String,
no_tls_verify: bool
) -> Result<LdapConn, Box<dyn Error>> { ) -> Result<LdapConn, Box<dyn Error>> {
let ldap = LdapConn::new(ldap_url.as_str())?;
let settings = LdapConnSettings::new()
.set_no_tls_verify(no_tls_verify);
let ldap = LdapConn::with_settings(settings, ldap_url.as_str())?;
match ldap.simple_bind(bind_dn.as_str(), bind_pw.as_str()) { match ldap.simple_bind(bind_dn.as_str(), bind_pw.as_str()) {
_ => {} _ => {}
}; };
@ -80,6 +85,7 @@ fn search_entries(config: &config::Config) -> Result<Vec<SearchEntry>, Box<dyn E
config.get_ldap_url(), config.get_ldap_url(),
config.get_ldap_bind_dn(), config.get_ldap_bind_dn(),
config.get_ldap_bind_password(), config.get_ldap_bind_password(),
config.get_ldap_no_tls_verify()
); );
if ldap.is_err() { if ldap.is_err() {
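Review bot: `ldap_client` now takes `no_tls_verify` and hands it straight to `LdapConnSettings::set_no_tls_verify` without leaving any trace at runtime, so an operator reading the logs cannot tell that certificate validation is off; emit a warning before the settings are built, e.g. `if no_tls_verify { eprintln!("WARNING: LDAP TLS certificate verification is disabled (ldap_no_tls_verify=true)"); }`, or the equivalent via whatever logging the file already uses if it has one. A short doc line on the parameter would also help: `/// `no_tls_verify`: skip LDAPS certificate checks; the bind password is then sent to whichever server answers the connection.` As a point of style, the new parameter line `no_tls_verify: bool` and the new argument `config.get_ldap_no_tls_verify()` in the `@ -80` hunk lack the trailing comma rustfmt adds. The `match ldap.simple_bind(...) { _ => {} }` that discards the bind result predates this commit; `ldap_client`'s body continues past the hunk.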